WTF

1. - login.php
2. <?php
3. session_start();
4. if(isset($_POST['login'], $_POST['password'], $_POST['password2'])) {
5. if($_POST['password']==$_POST['password2']) {
6. try {
7. define("DBTYPE", "mysql");
8. define("DBHOST", "localhost");
9. define("DBNAME", "lab12");
10. define("DBUSER", "root");
11. define("DBPASS", "root");
12. $db = new PDO(DBTYPE . ':host=' . DBHOST . ';dbname=' . DBNAME,DBUSER,DBPASS);
13. $name = $_POST['login'];
14. $pass = $_POST['password'];
15. $db -> exec("USE lab12");
16. $query = "SELECT * FROM users WHERE login=:name";
17. $prep = $db->prepare($query);
18. $prep->bindParam(':name',$name);
19. $prep->execute();
20. if($prep->rowCount()!=0) {
21. $res = $prep->fetch();
22. if($res[2]==$pass) {
23. $_COOKIE['name'] = $name;
24. $_COOKIE['pass'] = $pass;
25. $_COOKIE['signedin'] = true;
26. } else {
27. $_SESSION['error'] = true;
28. $_SESSION['err_type'] = "Wrong password.";
29. header('Location: signin.php');
30. exit;
31. }
32. } else {
33. $_SESSION['error'] = true;
34. $_SESSION['err_type'] = "User not found.";
35. header('Location: index.php');
36. exit;
37. }
38. } catch (PDOException $e) {
39. $_SESSION['error'] = true;
40. $_SESSION['err_type'] = "Unsuccessful SQL transaction. Please try again later.";
41. header('Location: index.php');
42. exit;
43. }
44. } else {
45. $_SESSION['error'] = true;
46. $_SESSION['err_type'] = "Passwords do not match.";
47. header('Location: index.php');
48. exit;
49. }
50. } else {
51. $_SESSION['error'] = true;
52. $_SESSION['err_type'] = "Please try again.";
53. header('Location: signin.php');
54. exit;
55. }
56. ?>